User-centered Security for Protecting Patient Privacy for E-health Cloud Computing

Authors

  • Mardin A. Anwer College of Engineering, Salahaddin University, Erbil, Kurdistan Region, Iraq.
  • Ingo Stengel College of Science and Mathematics, Plymouth University, Plymouth, UK
  • Rina Dinkha Zarro College of Engineering, Salahaddin University, Erbil, Kurdistan Region, Iraq.

DOI:

https://doi.org/10.21928/juhd.v2n3y2016.pp509-514

Keywords:

E-Health, Electronic health record, privacy, User-centred Security, User Security Requirements, Multi-tier Authentication, Five Stages Proposed Application

Abstract

E-health is the present communication structure in medicine especially in developed countries.  Toward enhancing the quality of care and reduce the health care delivery cost, cloud Computing technology has been adopted.  In recent times services such as exchange and share medical data among staff and then to the patients are one the main reasons behind using this technology in e-health. Hence, using cloud computing in e-health has many challenges particularly when dealing with electronic healthcare records (EHR).

 Cloud computing is an agglomeration of technologies, operating systems, storage, networking, virtualisation, each fraught with inherent security issues. For example, browser-based attacks, denial of service attacks and network intrusion become carry-over risks into cloud computing. It differs from traditional computing paradigms as it is scalable which can be encapsulated as an abstract entity to provide different levels of services to the clients.

In this paper, we identified the users of e-health such as doctors, nurses and family members and then their security requirements are identified. An application with five stages toward encryption and decryption process is designed. Since trust is a critical factor in cloud computing, this project will investigate the obstacles that cause this technology lose its credibility in certain clouds. To enhance user authentication process, two-tier mechanisms are used to identify the user’s identity. While in confidentiality, it should be assured that information is shared only among authorised people or vendors by applying powerful cryptographic concepts. In this prototype application, the user will be able to protect his/her data and is responsible for providing a high level of security as long as these data are highly private and important.

References

[1] Thilakanathan, D., Chen S., Nepal S, Calvo R., Alem R, “A platform for secure monitoring and sharing of generic health data in the Cloud”, Future Generation Computer Systems 35 (102–113), Elsevier, 2014.
[2] HealthTech, Wire Interview (05/04/2012). Data Sharing is the key to lower healthcare costs. EMC Corporation.

[3] Abdmeziem M., Tandjaoui D.,“ An end-to-end secure key management protocol for e-health applications” Computers and Electrical Engineering 44 (2015) 184–197,2015

[4] Heiser, J & Nicolett, M. (2008) “Assessing the Security Risks of Cloud Computing”, Gartner, No. G00157782.
[5] Atayero, A. A. & Feyisetan, O. (2011) “Security Issues in Cloud Computing: The Potentials of Homomorphic Encryption”, Journal of Emerging Trends in Computing and Information Sciences. Vol 2. No. 10.
[6] Chow, R. Golle, P. Jakobsson, M. Shi, E. Staddon, R.,& Molina, J. (2009) “Controlling data in the cloud: Outsourcing computation without outsourcing control”, In ACM Workshop on Cloud Computing Security.
[7] Harauz, J. Kaufman, L. & Potter, B. (2009) “Data Security in the World of Cloud Computing”, IEEE Security and Privacy , ISSN 1540-7993.
[8] Gens, F. (2008) “IT Cloud Services User Survey, pt.2: Top Benefits and Challenges”. Enterprise IT in the Cloud Computing Era. IDC..
[9] Agrawal, V.K.& Dinesha, H.A. (2012) “Multi-level authentication technique for accessing cloud services”, Computing, Communication and Applications (ICCCA), International Conference on, Vol. 10, No. 5, pp1-4.
[10] Agrawal, V.K.& Dinesha, H.A. (2012) “Multi-level authentication technique for accessing cloud services”, Computing, Communication and Applications (ICCCA), International Conference on, Vol. 10, No. 5, pp1-4.

[11] Riedl B., Grascher V., Neubauer T.,“A Secure e-Health Architecture based on the
Appliance of Pseudonymization” JOURNAL OF SOFTWARE, VOL. 3, NO. 2, FEBRUARY, 2008

[12] Liu C., Huanga X., Liu J.“Secure sharing of Personal Health Records in cloud computing: Ciphertext-Policy Attribute-Based Signcryption” Future Generation Computer Systems 52 (2015) 67–76, 2014

Published

2016-08-31

Issue

Section

Articles